01 - Simple - TGS_REP

Return

[TGS-REP] pvno: 5, msg-type: 13
crealm: TEST.LOCAL
cname: adm_ad (1)
ticket:
[Ticket] tkt-vno: 5
realm: TEST.LOCAL
sname: cifs/srv-01.test.local (2)
enc-part: EncryptedData[EncTicketPart] etype: 0x12 (AES256_HMAC_SHA1_96), kvno: 6
[EncTicketPart] NO DATA
flags: 0x40a10000 (enc_pa_rep, name_canonicalize, pre_authent, renewable, forwardable)
key: [EncryptionKey] keytype: 0x12, keyvalue: adc27ca6e7b2f4206f4d514f629034ae7505154890f839459905971b70957c58
crealm: TEST.LOCAL
cname: adm_ad (1)
transited: TODO
authtime: 2017/05/23 08:05:12.0
*starttime: 2017/05/23 08:05:12.0
endtime: 2017/05/23 18:05:12.0
*renew-till: 2017/05/30 08:05:12.0
*authorization-data:
[type: 1 - sise: 766] AD-IF-RELEVANT
[type: 128 - sise: 744] AD-WIN2K-PAC
[PACTYPE]
cBuffers: 5
Version: 0
Buffers:
[PAC_INFO_BUFFER 0] ulType: 0x1, cbBufferSize: 512, Offset: 0x64f72008e8
[KERB_VALIDATION_INFO]
LogonTime: 2017/05/23 08:04:43.509
PasswordLastSet: 2017/05/23 08:03:18.266
PasswordCanChange: 2017/05/24 08:03:18.266
EffectiveName: adm_ad
FullName: adm_ad
LogonCount: 2
BadPasswordCount: 0
UserId: 1119
PrimaryGroupId: 513
GroupIds (GroupCount: 2): 513 (0x7), 512 (0x7)
UserFlags: 544
LogonServer: DC-2016
LogonDomainName: TESTLOCAL
LogonDomainId: S-1-5-21-2322411092-424064500-325241940
UserAccountControl: 0x210
FailedILogonCount: 0
ExtraSids (SidCount: 1):
S-1-18-1 (7)
ResourceGroupDomainSid: S-1-5-21-2322411092-424064500-325241940
ResourceGroupIds (ResourceGroupCount: 1): 572 (0x20000007)
[PAC_INFO_BUFFER 1] ulType: 0xa, cbBufferSize: 22, Offset: 0x64f7200ae8
[PAC_CLIENT_INFO]
ClientId: 0x01d2d39b-0x4d73ec00
Name: adm_ad
[PAC_INFO_BUFFER 2] ulType: 0xc, cbBufferSize: 80, Offset: 0x64f7200b00
[UPN_DNS_INFO]
Upn: adm_ad@test.local
DnsDomainName: TEST.LOCAL
Flags: 0x0
[PAC_INFO_BUFFER 3] ulType: 0x6, cbBufferSize: 16, Offset: 0x64f7200b50
[PAC_SIGNATURE_DATA] Server Signature
SignatureType: 0x10
Signature: a6fba5ce00774c2045a436f0
[PAC_INFO_BUFFER 4] ulType: 0x7, cbBufferSize: 20, Offset: 0x64f7200b60
[PAC_SIGNATURE_DATA] KDC Signature
SignatureType: 0xffffff76
Signature: a0030fa5a258e73cb0ae82169ee1809f
[type: 1 - sise: 95] AD-IF-RELEVANT
[type: 141 - sise: 53] KERB-AD-RESTRICTION-ENTRY
type: 0 - sise: 0
type: 0 - sise: 40
[type: 142 - sise: 16] KERB-LOCAL - TODO
enc-part: EncryptedData[EncTGSRepPart] etype: 0x12 (AES256_HMAC_SHA1_96)
[EncKDCRepPart]
key: [EncryptionKey] keytype: 0x12, keyvalue: adc27ca6e7b2f4206f4d514f629034ae7505154890f839459905971b70957c58
last-req: TODO
nonce 0x4caa0344
flags: 0x40a10000 (enc_pa_rep, name_canonicalize, pre_authent, renewable, forwardable)
authtime: 2017/05/23 08:05:12.0
starttime: 2017/05/23 08:05:12.0
endtime: 2017/05/23 18:05:12.0
*renew-till: 2017/05/30 08:05:12.0
srealm: TEST.LOCAL
sname: cifs/srv-01.test.local (2)

[Ticket] is service ticket for adm_ad (referenced by cname: adm_ad) to srv-01$ (referenced by sname: cifs/srv-01.test.local).

[AD-IF-RELEVANT] is PAC for adm_ad (referenced by cname: adm_ad in [EncTicketPart]).

[EncTicketPart] is encrypted with KS (referenced by sname: cifs/srv-01.test.local).

[EncKDCRepPart] is encrypted with SC,K (same key as that contained in [Ticket][EncTicketPart] in TGS_REQ).

SC,S is adc27ca6e7b2f4206f4d514f629034ae7505154890f839459905971b70957c58.